README
📦🔐 Verdaccio GitHub OAuth UI
A GitHub OAuth Plugin for Verdaccio – https://www.verdaccio.org
About

The plugin is similar to verdaccio-github-oauth, but also changes the UI login behaviour. When clicking the login button, instead of filling in a login form, you are asked to log in with GitHub.
In case you need CLI support for automation purposes, the plugin is also compatible with sinopia-github-oauth-cli.
Install
$ npm install verdaccio-github-oauth-ui
Compatibility
- This plugin is currently only compatible with Verdaccio 3.x.
- This plugin supports Node versions 6.5.x - 10.x.x
Configuration
Verdaccio Config
Merge the below options with your existing Verdaccio configuration:
middlewares:
github-oauth-ui:
client-id: $GITHUB_OAUTH_CLIENT_ID # required
client-secret: $GITHUB_OAUTH_CLIENT_SECRET # required
github-enterprise-hostname: $GITHUB_OAUTH_GITHUB_ENTERPRISE_HOSTNAME # optional, set this if you are using github enterprise
auth:
github-oauth-ui:
org: $GITHUB_OAUTH_ORG # required, people within this org will be able to authenticate
The configured values can be either a value or the name of an environment variable that contains the value.
GitHub Config
When creating the OAuth app at https://github.com/settings/developers, the callback URL should be:
YOUR_REGISTRY_URL/-/oauth/callback
If url_prefix
is specified in the Verdaccio config then it must match the YOUR_REGISTRY_URL
.
How to Login
Verdaccio
Click the login button and login at GitHub, if not already logged in.
Authorize the registry.
Important: When using a private GitHub org, make sure to click the Request button for read:org
access. See #5.
After successful login and authorization, you're redirected back to the verdaccio registry.
Command Line
To set up authentication with the registry in your npm CLI, you'll need to run the commands shown in the header:
To verify that the authentication token is set up correctly, run the following command:
$ npm whoami --registry YOUR_REGISTRY_URL
n4bb12
If you see your GitHub username, you are ready to start publishing packages.
Unless the token is revoked by you in the GitHub settings, it never expires.